Malpedia Library

2021-03-15 ⋅ Palo Alto Networks Unit 42 ⋅ Asher Davila, Ruchna Nigam, Vaibhav Singhal, Zhibin Zhang
New Mirai Variant Targeting New IoT Vulnerabilities, Including in Network Security Devices
Mirai

2021-03-11 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42
Microsoft Exchange Server Attack Timeline
CHINACHOPPER

2021-03-09 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42
Remediation Steps for the Microsoft Exchange Server Vulnerabilities
CHINACHOPPER

2021-03-08 ⋅ Palo Alto Networks Unit 42 ⋅ Chris Navarrete, Durgesh Sangvikar, Matthew Tennis, Rongbo Shao, Yanhui Jia
Attack Chain Overview: Emotet in December 2020 and January 2021
Emotet

2021-03-08 ⋅ Palo Alto Networks Unit 42 ⋅ Jeff White
Analyzing Attacks Against Microsoft Exchange Server With China Chopper Webshells
CHINACHOPPER

2021-02-19 ⋅ Palo Alto Networks Unit 42 ⋅ Dominik Reichel
IronNetInjector: Turla’s New Malware Loading Tool
Agent.BTZ IronNetInjector TurlaRPC

2021-02-17 ⋅ Palo Alto Networks Unit 42 ⋅ Nathaniel Quist
WatchDog: Exposing a Cryptojacking Campaign That’s Operated for Two Years

2021-02-05 ⋅ Palo Alto Networks Unit 42 ⋅ Efi Barkayev, Gal De Leon, Nadav Markus
Exploits in the Wild for WordPress File Manager RCE Vulnerability (CVE-2020-25213)
Kinsing

2021-02-03 ⋅ Palo Alto Networks Unit 42 ⋅ Ariel Zelivansky, Aviv Sasson, Jay Chen
Hildegard: New TeamTNT Malware Targeting Kubernetes
TeamTNT TeamTNT

2021-01-28 ⋅ Palo Alto Networks Unit 42 ⋅ Aviv Sasson
Pro-Ocean: Rocke Group’s New Cryptojacking Malware
Pro-Ocean

2021-01-19 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan
Wireshark Tutorial: Examining Emotet Infection Traffic
Emotet GootKit IcedID QakBot TrickBot

2021-01-11 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone
xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement

2021-01-07 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan
TA551: Email Attack Campaign Switches from Valak to IcedID
IcedID

2020-12-23 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42
A Timeline Perspective of the SolarStorm Supply-Chain Attack
SUNBURST TEARDROP

2020-12-17 ⋅ Palo Alto Networks Unit 42 ⋅ Matthew Tennis
SUPERNOVA SolarWinds .NET Webshell Analysis
SUPERNOVA BRONZE SPIRAL

2020-12-17 ⋅ Palo Alto Networks Unit 42 ⋅ Matt Tennis
SUPERNOVA: SolarStorm’s Novel .NET Webshell
SUPERNOVA

2020-12-14 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42
Threat Brief: SolarStorm and SUNBURST Customer Coverage
Cobalt Strike SUNBURST

2020-12-14 ⋅ Palo Alto Networks Unit 42 ⋅ Unit42
PyMICROPSIA: New Information-Stealing Trojan from AridViper

2020-12-10 ⋅ Palo Alto Networks Unit 42 ⋅ Unit42
Threat Brief: FireEye Red Team Tool Breach
Cobalt Strike

2020-12-10 ⋅ Palo Alto Networks Unit 42 ⋅ Claud Xiao, Jim Fitzgerald, Xiao Zhang, Yang Ji, Yue Chen
PGMiner: New Cryptocurrency Mining Botnet Delivered via PostgreSQL